Ivanti
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."
Cybersecurity
"We did not detect… lateral movement into our VMware infrastructure. At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient."
Ivanti
“Security” product shipped with a 13-year-old, unsupported base OS and software libraries with 973 vulnerabilities, 111 of which have publicly known exploits available.
News
Business should own the risk - not the security team
Ivanti
"Threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection..."
Cybersecurity
VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."
vulnerabilities
Attackers rewrote JavaScript loaded by the VPN login page for the appliance to capture credentials; they also grabbed Veeam credentials and moved laterally for full SYSTEM control.
News
Ivanti is warning of attacks on its MobileIron platform due to improper handling of APIs
0days
Ivanti has kicked out an urgent patch for CVE-2023-35081, a zero-day flaw in EPMM that is under active exploit in the wild